5998 matches found

Mageia
•added 2021/12/30 4:41 p.m.•41 views

Updated calibre packages fix security vulnerability

ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...

CVSS 7.5 • AI score 2.1 • EPSS 0.04986
Exploits: 1 • References: 2
Mageia
•added 2021/12/30 4:41 p.m.•23 views

Updated eclipse packages fix security vulnerability

Authenticate active help requests to the local help web server CVE-2020-27225...

CVSS 7.8 • AI score 1.2 • EPSS 0.00336
Exploits: 1 • References: 2
Mageia
•added 2021/12/30 4:41 p.m.•25 views

Updated e2guardian packages fix security vulnerability

e2guardian did not validate TLS hostnames CVE-2021-44273...

CVSS 7.4 • AI score 1.1 • EPSS 0.00962
Exploits: 1 • References: 2
Mageia
•added 2021/12/30 4:41 p.m.•36 views

Updated python-lxml packages fix security vulnerability

HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818...

CVSS 8.2 • AI score 0.8 • EPSS 0.02456
Exploits: 0 • References: 2
Mageia
•added 2021/12/30 4:41 p.m.•46 views

Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

CVSS 7.1 • AI score 2.8 • EPSS 0.00894
Exploits: 1 • References: 9
Mageia
•added 2021/12/29 7:12 p.m.•55 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...

CVSS 6.5 • AI score 0.8 • EPSS 0.00353
Exploits: 0 • References: 4
Mageia
•added 2021/12/29 7:12 p.m.•63 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...

CVSS 7.8 • AI score 0.2 • EPSS 0.00549
Exploits: 1 • References: 5
Mageia
•added 2021/12/26 12:14 a.m.•54 views

Updated lapack/openblas packages fix security vulnerability

Fixes out of bounds read issue in larrv functions CVE-2021-4048...

CVSS 9.1 • AI score 2.4 • EPSS 0.0262
Exploits: 0 • References: 2
Mageia
•added 2021/12/26 12:14 a.m.•63 views

Updated golang packages fix security vulnerability

net/http: limit growth of header canonicalization cache CVE-2021-44716 syscall: don't close fd 0 on ForkExec error CVE-2021-44717...

CVSS 7.5 • AI score 1.8 • EPSS 0.03958
Exploits: 0 • References: 3
Mageia
•added 2021/12/26 12:14 a.m.•48 views

Updated samba packages fix security vulnerability

Multiple security issues affecting ldb, samba and sssd. See references for details...

CVSS 9 • AI score 2 • EPSS 0.01984
Exploits: 0 • References: 8
Mageia
•added 2021/12/23 9:1 p.m.•42 views

Updated thrift/golang-github-apache-thrift packages fix security vulnerability

Malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...

CVSS 7.5 • AI score 2.4 • EPSS 0.06779
Exploits: 0 • References: 2
Mageia
•added 2021/12/23 9:1 p.m.•46 views

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. CVE-2021-30887 Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2021-30890...

CVSS 6.5 • AI score 1.8 • EPSS 0.01604
Exploits: 0 • References: 2
Mageia
•added 2021/12/23 9:1 p.m.•13 views

Updated ldns packages fix security vulnerability

Heap out-of-bound read vulnerability in rrfrmstrinternal function Heap out-of-bound read vulnerability in ldnsnsec3saltdata function Fixed time memory compare for Openssl 0.9.8...

AI score 1.7
Exploits: 0 • References: 2
Mageia
•added 2021/12/23 9:1 p.m.•33 views

Updated php packages fix security vulnerability

Out of bounds in phppcrereplaceimpl CVE-2017-9118 Multiple bugs fixed. See referenced changelog for details...

CVSS 7.5 • AI score 1.4 • EPSS 0.02954
Exploits: 1 • References: 2
Mageia
•added 2021/12/23 9:1 p.m.•54 views

Updated ruby packages fix security vulnerability

Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...

CVSS 9.8 • AI score 1.4 • EPSS 0.06307
Exploits: 6 • References: 9
Mageia
•added 2021/12/23 9:1 p.m.•35 views

Updated thunderbird packages fix security vulnerability

OpenPGP signature status doesn't consider additional message content. CVE-2021-4126 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. CVE-2021-44538...

CVSS 9.8 • AI score 3.2 • EPSS 0.01921
Exploits: 0 • References: 3
Mageia
•added 2021/12/23 9:1 p.m.•37 views

Updated netcdf packages fix security vulnerability

Multiple security issues found in ezXML, bundled in netcdf...

CVSS 8.1 • AI score 2.4 • EPSS 0.01605
Exploits: 15 • References: 4
Mageia
•added 2021/12/21 11:27 p.m.•64 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially...

CVSS 7.8 • AI score 3 • EPSS 0.00513
Exploits: 3 • References: 5
Mageia
•added 2021/12/21 11:27 p.m.•69 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...

CVSS 9.8 • AI score 7.3 • EPSS 0.97108
Exploits: 4 • References: 4
Mageia
•added 2021/12/21 11:27 p.m.•57 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a...

CVSS 7.8 • AI score 1 • EPSS 0.00513
Exploits: 3 • References: 8
Mageia
•added 2021/12/21 11:27 p.m.•32 views

Updated x11-server packages fix security vulnerabilities

Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write CVE-2021-4008. The handler for the CreatePointerBarrier request of the XFixes extension...

CVSS 7.8 • AI score 1.8 • EPSS 0.00571
Exploits: 0 • References: 2
Mageia
•added 2021/12/21 11:27 p.m.•47 views

Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP...

CVSS 7.5 • AI score 0.5 • EPSS 0.03206
Exploits: 2 • References: 1
Mageia
•added 2021/12/20 8:32 p.m.•73 views

Updated log4j packages fix security vulnerability

Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...

CVSS 5.9 • AI score 5.4 • EPSS 0.99999
Exploits: 20 • References: 1
Mageia
•added 2021/12/19 4:13 p.m.•12 views

Updated watchdog packages fix security issue

Updated watchdog packages fix an issue with a memory leak when verbose mode is on...

AI score 2.6
Exploits: 0 • References: 2
Mageia
•added 2021/12/19 4:13 p.m.•35 views

Updated privoxy packages fix security vulnerabilities

Updated privoxy packages fix security vulnerabilities: A security issue has been found in Privoxy before version 3.0.33. geturlspecparam did not free memory of compiled pattern spec before bailing CVE-2021-44540. A security issue has been found in Privoxy before version 3.0.33...

CVSS 7.5 • AI score 1.5 • EPSS 0.01393
Exploits: 0 • References: 2
Mageia
•added 2021/12/19 4:13 p.m.•27 views

Updated olm packages fix security vulnerability

Updated olm packages fix security vulnerability: The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...

CVSS 9.8 • AI score 1.6 • EPSS 0.01921
Exploits: 0 • References: 2
Mageia
•added 2021/12/19 12:26 p.m.•20 views

Updated matio packages fix security vulnerability

Updated matio packages fix security vulnerability: A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...

CVSS 6.5 • AI score 2.1 • EPSS 0.01082
Exploits: 1 • References: 1
Mageia
•added 2021/12/19 12:26 p.m.•29 views

Updated dovecot packages fix security vulnerabilities

Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...

CVSS 7.5 • AI score 5.1 • EPSS 0.02837
Exploits: 0 • References: 8
Mageia
•added 2021/12/19 12:26 p.m.•39 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...

CVSS 5.3 • AI score 6.2 • EPSS 0.12899
Exploits: 0 • References: 3
Mageia
•added 2021/12/19 12:26 p.m.•25 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies CVE-2021-32765...

CVSS 8.8 • AI score 1.6 • EPSS 0.02045
Exploits: 0 • References: 3
Mageia
•added 2021/12/19 12:26 p.m.•46 views

Updated vim packages fix security vulnerability

Updated vim packages fix security vulnerability: vim is vulnerable to Use After Free CVE-2021-4069...

CVSS 7.8 • AI score 2 • EPSS 0.01293
Exploits: 1 • References: 1
Mageia
•added 2021/12/19 12:26 p.m.•42 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...

CVSS 7.5 • AI score 4.5 • EPSS 0.0135
Exploits: 1 • References: 2
Mageia
•added 2021/12/19 12:26 p.m.•33 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the...

CVSS 5.9 • AI score 2 • EPSS 0.01483
Exploits: 1 • References: 1
Mageia
•added 2021/12/19 12:26 p.m.•115 views

Updated log4j packages fix security vulnerability

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVSS 9 • AI score 1.9 • EPSS 0.99977
Exploits: 39 • References: 3
Mageia
•added 2021/12/19 12:26 p.m.•47 views

Updated keepalived packages fix security vulnerability

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...

CVSS 5.5 • AI score 2.4 • EPSS 0.01159
Exploits: 0 • References: 6
Mageia
•added 2021/12/19 12:26 p.m.•28 views

Updated pjproject packages fix security vulnerability

Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get...

CVSS 5.9 • AI score 1.1 • EPSS 0.02082
Exploits: 0 • References: 1
Mageia
•added 2021/12/19 12:26 p.m.•47 views

Updated openssh packages fix security vulnerability

Updated openssh packages fix security vulnerability: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and...

CVSS 7 • AI score 2.8 • EPSS 0.02367
Exploits: 2 • References: 2
Mageia
•added 2021/12/19 12:26 p.m.•44 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to version 96.0.4664.110, which fixes multiple security vulnerabilities. One of these CVEs is known to be actively exploited. Insufficient data validation in Mojo...

CVSS 8.8 • AI score 3 • EPSS 0.07836
Exploits: 0 • References: 2
Mageia
•added 2021/12/11 1:2 a.m.•197 views

Updated log4j packages fix security vulnerability

Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...

CVSS 10 • AI score 4.6 • EPSS 0.99999
Exploits: 344 • References: 2
Mageia
•added 2021/12/10 10:19 p.m.•78 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2021-4052: Use after free in web apps. CVE-2021-4053: Use after free in UI. CVE-2021-4079: Out of bounds write in WebRTC. CVE-2021-4054: Incorrect security UI in autofill. CVE-2021-4078: Type confusion in V8. CVE-2021-4055: Heap buffer overflow in extensions. CVE-2021-4056: Type Confusion in...

CVSS 8.8 • AI score 0.7 • EPSS 0.02073
Exploits: 0 • References: 2
Mageia
•added 2021/12/10 10:19 p.m.•52 views

Updated libvirt packages fix security vulnerability

Fix deadlock on virStoragePoolLookupByTargetPath failure bz 1986113 CVE-2021-3667 More CAPSETPCAP warning fixes bz 1924218 Handle unknown firmware.json errors...

CVSS 6.5 • AI score 2.9 • EPSS 0.01334
Exploits: 0 • References: 4
Mageia
•added 2021/12/10 10:19 p.m.•35 views

Updated python-django packages fix security vulnerability

Potential bypass of an upstream access control based on URL paths. CVE-2021-44420 HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths...

CVSS 7.5 • AI score 1.3 • EPSS 0.02295
Exploits: 0 • References: 3
Mageia
•added 2021/12/10 10:19 p.m.•49 views

Updated opencontainers-runc packages fix security vulnerability

It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...

CVSS 6 • AI score 3 • EPSS 0.01663
Exploits: 1 • References: 2
Mageia
•added 2021/12/10 10:19 p.m.•60 views

Updated firefox packages fix security vulnerability

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL CVE-2021-43536. An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash due to a heap...

CVSS 9.8 • EPSS 0.0202
Exploits: 1 • References: 3
Mageia
•added 2021/12/10 10:19 p.m.•26 views

Updated fetchmail packages fix security vulnerability

Update to fetchmail 6.4.24 fixes STARTTLS session encryption bypassing. CVE-2021-39272...

CVSS 5.9 • AI score 1.5 • EPSS 0.00895
Exploits: 0 • References: 3
Mageia
•added 2021/12/10 10:19 p.m.•22 views

Updated speex packages fix security vulnerability

Fixed zero division error in readsamples bsc1192580. CVE-2020-23903...

CVSS 5.5 • AI score 2 • EPSS 0.0094
Exploits: 1 • References: 4
Mageia
•added 2021/12/10 10:19 p.m.•29 views

Updated curaengine packages fix security vulnerability

Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...

CVSS 7.8 • AI score 2.3 • EPSS 0.0136
Exploits: 2 • References: 2
Mageia
•added 2021/12/10 10:19 p.m.•58 views

Updated thunderbird packages fix security vulnerability

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities CVE-2021-43528. Under certain...

CVSS 9.8 • AI score 9.4 • EPSS 0.0202
Exploits: 1 • References: 4
Mageia
•added 2021/12/08 8:4 p.m.•39 views

Updated vim packages fix security vulnerability

heap-based buffer overflow in findhelptags in src/help.c...

CVSS 7.8 • AI score 4 • EPSS 0.018
Exploits: 1 • References: 2
Mageia
•added 2021/12/08 8:4 p.m.•63 views

Updated java openjdk packages fix security vulnerability

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...

CVSS 7.1 • AI score 0.6 • EPSS 0.14957
Exploits: 0 • References: 4

Total number of security vulnerabilities: 5998